Merge pull request #1158 from GSA/staging
Production Update 1003
JBPayne007 authored Oct 3, 2024
2 parents 60ca895 + 0eeff3d commit a467036
Showing 14 changed files with 52 additions and 33 deletions.
3 changes: 3 additions & 0 deletions _arch/architecture.md
Expand Up @@ -425,6 +425,7 @@ You can combine or build upon the ICAM use cases to support your agency’s scen
<div id="m-a1" class="usa-accordion__content usa-prose gsa-target-accordion-content-area">
<p><img src="{{site.baseurl}}/assets/arch/usecases/credentials_creation.png" alt="Three hexagons with the letters I, C, and A. The I is highlighted in red for Identity Management, with a red banner for the Creation service." align="right" style="padding-left:15px" width="156" height="156"/></p>
<p>When you onboard an employee or contractor at your agency, you collect identity information from the individual and store parts of that information as identity attributes. These attributes serve as a digital proxy for the individual’s identity, also known as an enterprise identity.</p>
<br>
<hr />
<h2 id="use-case">Use Case</h2>
<p>In this use case, an administrator needs to collect or manage identity data for an employee or contractor for the purpose of creating an enterprise identity record and maintaining it throughout its lifecycle.</p>
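Review bot: The added `<br>` before `<hr />` in the `m-a1` panel is a spacer element doing a stylesheet's job, and it is written `<br>` while the rule on the next line is written `<hr />`. A top margin on the `hr` inside `.usa-accordion__content` would give the same gap in every panel without repeating markup in each one; if the element stays, it should at least match the self-closing style used right below it.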
Expand Down Expand Up @@ -511,6 +512,7 @@ You can combine or build upon the ICAM use cases to support your agency’s scen
<div id="m-a3" class="usa-accordion__content usa-prose gsa-target-accordion-content-area">
<p><img src="{{site.baseurl}}/assets/arch/usecases/credentials_provisioning.png" alt="Three hexagons with the letters I, C, and A. The I is highlighted in orange for Identity Management, with an orange banner for the Provisioning service. " align="right" style="padding-left:15px" width="156" height="156" /></p>
<p>You can assign access entitlements to individuals, roles, and groups. These entitlements define an employee or contractor’s access to agency services, so you’ll need to assign entitlements before an employee or contractor can access an agency service.</p>
<br>
<hr />
<h2 id="use-case">Use Case</h2>
<p>In this use case, an administrator needs to assign entitlements to an employee or contractor.</p>
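Review bot: `<h2 id="use-case">` in the `m-a3` panel carries the same id as the heading in the `m-a1` hunk above and the `m-a4` hunk below, so the page ends up with at least three elements sharing `id="use-case"`. These are unchanged context lines, but the commit edits the line directly above each of them, so this is a good moment to give them panel-specific ids (for example `m-a3-use-case`) and keep fragment links unambiguous.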
Expand Down Expand Up @@ -548,6 +550,7 @@ You can combine or build upon the ICAM use cases to support your agency’s scen
<div id="m-a4" class="usa-accordion__content usa-prose gsa-target-accordion-content-area">
<p><img src="{{site.baseurl}}/assets/arch/usecases/credentials_issuance.png" alt="Three hexagons with the letters I, C, and A. The C is highlighted in green for Credential Management, with a green banner for the Issuance service. " align="right" style="padding-left:15px" width="156" height="156" /></p>
<p>After you identity proof an individual, you’ll issue some proof of that individual’s claimed identity. A credential (like a physical card) is a type of authenticator that serves as a tool for an employee or contractor to gain access to agency services.</p>
<br>
<hr />
<h2 id="use-case">Use Case</h2>
<p>In this use case, an administrator needs to issue a credential to an employee or contractor.</p>
42 changes: 26 additions & 16 deletions _data/fpkidocs.yml
Expand Up @@ -4,6 +4,8 @@
# Status Post - Post it to the website;
# Status Archive - Document is three years old or no longer valid. The document is actually retained in this repository, but not posted to the website.
# Remove - Date to change status from post to archive. This could be three years for change proposals or three years from when a document was replaced.
#
# Used on: https://www.idmanagement.gov/fpki/

- category: FPKIMA Audit Letter
numberProposal: 2023
Expand Down Expand Up @@ -325,14 +327,6 @@
status: post
remove: 05/06/2025

- category: Supplementary Guidance
numberProposal: 1.01
name: FPKI Annual Audit Review Guidelines v1.01
date: 09/29/2021
url: /docs/archived/fpki-annual-review-requirements_v1.01_20210929.pdf
status: post
remove: 09/29/2024

- category: Supplementary Guidance
numberProposal: 2.0.1
name: Personal Identity Verification Interoperability for Issuers v2.0.1
Expand Down Expand Up @@ -951,14 +945,6 @@
status: post
remove: 06/28/2024

- category: Supplementary Guidance
numberProposal: 1.0
name: FPKI Annual Audit Review Guidelines v1.0
date: 04/11/2017
url: /docs/archived/fpki-annual-review-requirements-v1-20170411.pdf
status: post
remove: 09/30/2024

- category: Supplementary Guidance
numberProposal: 2.0
name: NIST SP 800-53 Security Controls Overlay for PKI Systems v2.0
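Review bot: The `url` removed with this v1.0 entry ends in `fpki-annual-review-requirements-v1-20170411.pdf`, but the v1.0 entry re-added at the end of the file points to `fpki-annual-review-requirements_v1.0_20170411.pdf`. Unless the PDF under `/docs/archived/` is renamed in this same commit, the archive link will break; please confirm the rename is among the changed files or keep the old file name.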
Expand Down Expand Up @@ -1014,3 +1000,27 @@
url: /docs/archived/us-federal-public-trust-tls-cp-v1-0-final.pdf
status: post
remove: 02/06/2026

- category: Annual Review Guidance
numberProposal: 1.2
name: FPKI Annual Review Requirements v1.2
date: 05/06/2022
url: /docs/archived/fpki-annual-review-requirements_v1.2_20240913.pdf
status: post
remove: 09/13/2027

- category: Annual Review Guidance
numberProposal: 1.01
name: FPKI Annual Review Requirements v1.01
date: 09/29/2021
url: /docs/archived/fpki-annual-review-requirements_v1.01_20210929.pdf
status: post
remove: 09/29/2024

- category: Annual Review Guidance
numberProposal: 1.0
name: FPKI Annual Review Requirements v1.0
date: 04/11/2017
url: /docs/archived/fpki-annual-review-requirements_v1.0_20170411.pdf
status: post
remove: 09/30/2024
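Review bot: The v1.01 and v1.0 entries are added with `status: post` and `remove: 09/29/2024` and `remove: 09/30/2024`, both already in the past for a commit authored Oct 3, 2024. By the rule in this file's header comment (`Remove - Date to change status from post to archive`) they should go in as `status: archive` or carry a new `remove` date. On the v1.2 entry, `date: 05/06/2022` disagrees with the `20240913` in its file name and with `remove: 09/13/2027`, which is three years from 09/13/2024, so one of the two dates needs correcting or a comment explaining the difference.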
4 changes: 3 additions & 1 deletion _ficampmo/fpki.md
Expand Up @@ -50,6 +50,8 @@ The [FPKI Policy Authority (FPKIPA)]({{site.baseurl}}/ficam/#federal-public-key-
The FPKI has the following supplementary guidance:

- [Security Controls Overlay of NIST Special Publication 800-53 Revision 5 Security Controls for FPKI Systems (PDF, February 2021)]({{site.baseurl}}/docs/fpki-overlay-sp-800-53.pdf){:target="_blank"}{:rel="noopener noreferrer"} – The application of NIST Special Publication (SP) 800-53 security controls is required to operate a CA that is used in the FPKI and contains federal data. Review the controls overlay document to understand the requirements and details of each applicable control.
- [FBCA: Cross-Certification Evaluation Framework v5.0 (PDF, September 2024)]({{site.baseurl}}/docs/fbca-cross-certification-eval-fw.pdf){:target="_blank"}{:rel="noopener noreferrer"} - This document provides a general framework for conducting FPKI cross-certification. This framework includes pre-conditions for being considered as an applicant, the cross-certification process, maintenance of the cross-certified status, and circumstances for terminating the
cross-certification relationship.
- [Registration Authority Agreement Template v1.0 (Word, April 2017)]({{site.baseurl}}/docs/fpki-ssp-raa.docx){:target="_blank"}{:rel="noopener noreferrer"} - The purpose of this document is to identify and explain the roles and responsibilities of an enrollment/registration agent under the Federal PKI COMMON Policy Framework.
- [FPKI Incident Management Plan (PDF, September 2020)]({{site.baseurl}}/docs/fpki-imp.pdf){:target="_blank"}{:rel="noopener noreferrer"} - This document provides guidance on the roles and responsibilities applicable to the FPKI Policy Authority (FPKIPA), FPKI Management Authority (FPKIMA), and FPKI affiliates in the event of an incident.
- [Archived copies of Certificate Policies, Profiles, and other FPKI-related documents]({{site.baseurl}}/fpki/#federal-pki-document-archive) - This page contains three years of FPKI-related documents.
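Review bot: The new FBCA Cross-Certification Evaluation Framework bullet is split across two source lines, with `cross-certification relationship.` starting at column 0 on a line of its own. It renders as one item only because Markdown allows lazy continuation; joining it onto the previous line, as every other bullet in this list is written, keeps the item from breaking if the list is later re-indented or reflowed.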
Expand All @@ -62,7 +64,7 @@ Independent compliance audits are the primary way that the Federal Public Key In

Audits are required annually for supporting functions and elements of each entity. Annual review packages should be submitted to [fpki@gsa.gov](mailto:fpki@gsa.gov).

- [FPKI Annual Review Requirements (PDF, May 2022)]({{site.baseurl}}/docs/fpki-annual-review-requirements.pdf){:target="_blank"}{:rel="noopener noreferrer"} – This document includes requirements for performing and reporting annual compliance audits.
- [FPKI Annual Review Requirements (PDF, September 2024)]({{site.baseurl}}/docs/fpki-annual-review-requirements.pdf){:target="_blank"}{:rel="noopener noreferrer"} – This document includes requirements for performing and reporting annual compliance audits.
- [RA Audit Guidance Memorandum (PDF, October 2022]({{site.baseurl}}/docs/fpki-ra-audit-guidance.pdf){:target="_blank"}{:rel="noopener noreferrer"} – This FPKIPA Memorandum reiterates the necessity of RA audits in supporting PKI operations, normalizes differing terminology used across various references, and provides options for reducing potential duplication of RA audit efforts, as applicable to PIV issuers.
- Annual PIV and PIV-I Credential Issuer (PCI) Test Report: This test report supports the FPKI Annual Reviews and can be done either in person at the GSA FIPS 201 lab or remotely by the package submitter. Further details related to the Annual PCI Testing are located [here]({{site.baseurl}}/fips201ep/#personal-identity-verification-credentials).
- [Non-Compliance Management Framework For The Federal Public Key Infrastructure (FPKI) (PDF, January 2016)]({{site.baseurl}}/docs/fpki-nmf.pdf){:target="_blank"}{:rel="noopener noreferrer"} - This document provides guidance for the FPKI Policy Authority (FPKIPA) for responding to situations in which an FPKI FBCA member is not meeting their Memorandum of Agreement (MOA) requirements and obligations.
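Review bot: The label on the FPKI Annual Review Requirements link changes from May 2022 to September 2024 while the target stays `/docs/fpki-annual-review-requirements.pdf`, so the new date is only accurate if that PDF is replaced in the same commit; please confirm it is among the changed files. While in this list, the next bullet reads `(PDF, October 2022]` and is missing its closing parenthesis before the `]`.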
2 changes: 1 addition & 1 deletion _implement/fpki_notifications.md
Expand Up @@ -74,7 +74,7 @@ These announcements and hot topics concern Federal Public Key Infrastructure cha
<script type="text/javascript" src="{{ site.baseurl }}/assets/js/gexfjs.js"></script>
<script type="text/javascript" src="{{ site.baseurl }}/assets/js/config.js"></script>

**Last Update**: September 26, 2024
**Last Update**: September 30, 2024

{% include graph.html %}

9 changes: 7 additions & 2 deletions _implement/tools/crawler-lastrun.json
Expand Up @@ -4032,10 +4032,15 @@
"serial-number": "175567204229783743591458183087529700129959",
"akid": "09 e4 78 56 41 02 a4 6b 20 da 93 e8 45 f6 31 e1 4c c4 c4 fc",
"skid": "b8 51 62 66 30 45 be e5 0c 57 1c 23 68 7e e6 4f f7 0b 3e f7",
"status": "Certificate Valid, but no Path to Common",
"status": "Certificate Invalid",
"pathbuilder-result": {
"result": "false",
"details": "Unable to build Path"
"details": "End Entity Cert expired or not valid"
},
"parent_path_identifier": "common_name:Carillon Federal Services PIV-I CA2,organizational_unit_name:Certification Authorities,organization_name:Carillon Federal Services Inc.,country_name:US:09e478564102a46b20da93e845f631e14cc4c4fc",
"validity-dates": {
"not-before": "2023-09-26 14:12:18+00:00",
"not-after": "2024-09-30 14:12:18+00:00"
}
},
{
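Review bot: The new `details` value `End Entity Cert expired or not valid` leaves a consumer of this report unable to tell expiry from any other validation failure, even though the added `validity-dates` block carries a `not-after` of `2024-09-30 14:12:18+00:00` that would let the crawler say so explicitly. A distinct status for the expired case would make the entry easier to act on. On naming, the added `parent_path_identifier` uses underscores where the neighbouring keys (`serial-number`, `pathbuilder-result`, `validity-dates`) use hyphens, and `result` is still the string `"false"` rather than a JSON boolean.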
4 changes: 2 additions & 2 deletions _implement/tools/fpki-certs.gexf
@@ -1,8 +1,8 @@
<?xml version="1.0" ?>
<gexf xmlns="http://gexf.net/1.3" xmlns:viz="http://gexf.net/1.3/viz" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://gexf.net/1.3 http://gexf.net/1.3/gexf.xsd" version="1.3">
<meta lastmodifieddate="2024-09-26">
<meta lastmodifieddate="2024-09-30">
<creator>py-crawler</creator>
<description>Created by Py-Crawler on 2024-09-26</description>
<description>Created by Py-Crawler on 2024-09-30</description>
</meta>
<graph defaultedgetype="directed" mode="static">
<nodes>
4 changes: 2 additions & 2 deletions _partners/acquisition-professional.md
Expand Up @@ -68,9 +68,9 @@ GSA Multiple Award Schedule (MAS) provides access to long-term government-wide c
- [541519ICAM](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/multiple-award-schedule-it/identity-credentialing-and-access-management){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} – ICAM Solutions
- [541519PKI](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/multiple-award-schedule-it/pki-shared-service-providers-program){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} – PKI Shared Service Providers (SSP)
- [541519PIV](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/multiple-award-schedule-it/hspd12-product-and-service-components){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} – HSPD-12 Products and Service Components
- [541519CSP]({{site.baseurl}}/docs/credential-service-provider-capabilities-template-may-2024.docx){:target="_blank"}{:rel="noopener noreferrer"} - Credential Service Provider: The CSP SIN offers a centralized list of vendors providing Credential Services for the federal government. The CSP Capabilities Template provides a framework for CSPs to describe what services they provide in a standardized way. The filled out and submitted document will be used to ensure that vendors listed on the SIN are providing credential services that meet the needs of the government, and to help categorize them as component or full service providers. The filled out documents will also be available to Federal Acquisition staff to assist in making informed decisions about which CSP vendors will meet the specific needs of their applications.
- [541519CSP]({{site.baseurl}}/docs/credential-service-provider-capabilities-template-may-2024.docx){:target="_blank"}{:rel="noopener noreferrer"} - Credential Service Provider: The CSP SIN offers a centralized list of vendors providing Credential Services for the federal government. The CSP Capabilities Template provides a framework for CSPs to describe what services they provide in a standardized way. The filled-out and submitted document will be used to ensure that vendors listed on the SIN are providing credential services that meet the needs of the government and to help categorize them as component or full-service providers. The filled-out documents will also be available to Federal Acquisition staff to assist in making informed decisions about which CSP vendors will meet the specific needs of their applications.
- [334290PACS](https://www.gsaelibrary.gsa.gov/ElibMain/sinDetails.do?scheduleNumber=MAS&specialItemNumber=334290L&executeQuery=YES){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} – Legacy PACS (non-FIPS 201)
- [541330SEC](https://www.gsaelibrary.gsa.gov/ElibMain/sinDetails.do?scheduleNumber=MAS&specialItemNumber=334290PACS&executeQuery=YES){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} – PACS integrator vendor
- [Multiple Award Schedule IT Special Item Numbers (SINs)](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/multiple-award-schedule-it){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} – Scroll down to “IT SINs” for links to specific items

Note that the purchasing process may differ, depending on the particular product or service you want. If you need help, please contact icam at gsa dot gov.
Note that the purchasing process may differ depending on the particular product or service you want. If you need help, please contact icam at gsa dot gov.
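Review bot: Right below the edited 541519CSP bullet, the link text and the `specialItemNumber` in the URL do not line up: the `334290PACS` bullet links to `specialItemNumber=334290L`, and the `541330SEC` bullet links to `specialItemNumber=334290PACS`. The targets look shifted by one entry; since this hunk is a copy-edit pass over the same list, please check both links before merging. The wording changes themselves (`filled-out`, `full-service`, the dropped commas) read fine.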
2 changes: 1 addition & 1 deletion _partners/fibf.md
Expand Up @@ -29,7 +29,7 @@ All five ICAM FIBF components are drafted and establish the ICAM baseline for in

The project timeline is as follows:

[<img src="{{site.baseurl}}/assets/fibf/framework-timeline.png" alt="icam fibf comment timeline." width="560" height="280">]({{site.baseurl}}/assets/fibf/framework-timeline.png){:target="_blank"}{:rel="noopener noreferrer"}
[<img src="{{site.baseurl}}/assets/fibf/framework-timeline.png" alt="icam fibf comment timeline.">]({{site.baseurl}}/assets/fibf/framework-timeline.png){:target="_blank"}{:rel="noopener noreferrer"}

Please download **DRAFT ICAM FIBF Components 4 & 5** below to review:
- **[DRAFT ICAM FIBF Components 4 & 5]({{site.baseurl}}/docs/icam-fibf-workforce-identity-focused-excel-spreadsheet.xlsx){:target="_blank"}{:rel="noopener noreferrer"}**
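Review bot: Dropping `width="560" height="280"` from the timeline `<img>` means the browser no longer knows the image's aspect ratio before it loads, so the text below it will shift, and the image renders at its natural size unless a stylesheet constrains it. If the goal is a responsive image, keep the attributes and set `max-width: 100%; height: auto` in CSS instead. The alt text `icam fibf comment timeline.` on the same line also gives a screen-reader user none of the dates the image conveys.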
7 changes: 3 additions & 4 deletions _partners/program-managers.md
Expand Up @@ -24,14 +24,14 @@ The Federal ICAM (FICAM) program helps federal agencies plan and manage enterpri

## ICAM Program Management 101

The [ICAM Program Management 101]({{site.baseurl}}/university/pm/) explains how to plan, implement, and manage an ICAM Program. Here, you’ll find content for ICAM program managers who need agency-level planning guides and templates to drive adoption of ICAM services within their organizations as well as information on how to govern the program, identify and communicate with stakeholders, manage risk, and other related topics.
The [ICAM Program Management 101]({{site.baseurl}}/university/pm/) explains how to plan, implement, and manage an ICAM Program. Here, you’ll find content for ICAM program managers who need agency-level planning guides and templates to drive adoption of ICAM services within their organizations, as well as information on how to govern the program, identify and communicate with stakeholders, manage risk, and other related topics.

This 101 guide answers the most common ICAM program organization and management questions, including:
- How can I establish governance to ensure ICAM alignment at the agency level?
- Who are my key ICAM stakeholders?
- What best practices support ICAM implementation?

The guide is organized by sections, each of which describes an essential feature of ICAM program management, including recommendations and lessons learned from agencies who have implemented ICAM programs.
The guide is organized into sections, each of which describes an essential feature of ICAM program management, including recommendations and lessons learned from agencies that have implemented ICAM programs.

## FICAM Architecture and Playbooks

Expand All @@ -55,5 +55,4 @@ These playbooks are hosted on GitHub and provide common policy interpretations a
## Related Information

- [National Cybersecurity Center of Excellence (NCCoE)](https://nccoe.nist.gov/){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} – The NCCoE works with experts from industry, government, and academia to address businesses’ most pressing cybersecurity problems with practical, standards-based solutions using commercially available technologies.
- [NIST Identity & Access Management](https://www.nist.gov/identity-access-management){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} – the NIST Identity & Access Management Resource Center,
share efforts that strengthen the security, privacy, usability, and interoperability of solutions that meet an organization’s identity and access management needs throughout the system lifecycle.
- [NIST Identity & Access Management](https://www.nist.gov/identity-access-management){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} – the NIST Identity & Access Management Resource Center shares efforts that strengthen the security, privacy, usability, and interoperability of solutions that meet an organization’s identity and access management needs throughout the system lifecycle.
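Review bot: The rejoined NIST bullet still opens its description in lower case (`– the NIST Identity & Access Management Resource Center shares ...`), while the NCCoE bullet directly above opens with `The NCCoE works ...`. Capitalise `the` so the two entries in Related Information match.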